Jailbreakers use Apple crash reports to 'free' iPhones

Thousands of iPhone owners have joined forces with a team of hackers to help them find new ways to jailbreak Apple's phone software.

Jailbreaking involves unlocking a device so that it is not restricted to running software officially approved by the manufacturer.

Mobile phones that run Google's Android operating system do not face this restriction and Microsoft allows its Windows Phone 7 operating system to be unlocked. But Apple has always fought very hard to prevent anyone jailbreaking its devices.

The latest version of the iPhone's operating system is proving to be extremely hard to jailbreak fully, according to Joshua Hill, a member of the Chronic Dev hacker team.

"Apple is really making it tough for us. The iPhone is now better protected than most nuclear missile facilities," he says.

Bug hunt

Hackers like Mr Hill hunt for programming errors, or bugs, in Apple's software. Bugs may result in a program crashing or shutting down, and they are like gold dust to hackers because sometimes they can be exploited to create a jailbreak.

To help prevent this, Apple's phones record details of program crashes and send these reports back to the company. Apple's programmers can then analyse the crash reports and fix any underlying bugs that pose serious security risks or that could be exploited to create a jailbreak.

But crash reporting causes particular problems for Mr Hill and his team. That is because the hackers may have to crash a particular program thousands of times as they work out how to exploit a bug successfully, Mr Hill says, and this alerts Apple that the bug exists and that hackers may be investigating it.


In September Mr Hill was working on exploiting five separate bugs found in early versions of Apple's iOS 5 software to create a full or "untethered" jailbreak, but the most important ones had been patched by Apple when the final version of its software was released in October. Crash reporting was probably to blame, he believes.

Crash reports

The solution to this problem is to subvert Apple's crash reporting capability by turning it against the company, he says.

"Chronic Dev is ready to turn this little information battle into an all-out, no-holds-barred information WAR," Mr Hill wrote on the Chronic-Dev blog recently, using his nom de guerre Posixninja.

To do this he has written and distributed a program called CDevreporter that iPhone users can download to their PC or Mac. The program intercepts crash reports from their phones destined for Apple and sends them to the Chronic Dev team.

If crash reports are like gold dust then Mr Hill and his team are now sitting on a gold mine.

"In the first couple of days after we released CDevreporter we received about twelve million crash reports," he says.

"I can open up a crash report and pretty much tell if it will be useful or not for developing a jailbreak, but we have so many that I am working on an automated system to help me analyse them."
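Both Apple's programmers, who must decide which crash reports point at exploitable bugs, and the automated analysis Mr Hill describes come down to the same task: ranking a large pile of crash reports by how likely the underlying bug is to be security-relevant. The script below is an added example, not CDevreporter or any Apple tooling; the scoring heuristics are ours and the sample reports are constructed, not real device output.

```python
"""Rank iOS-style crash reports by likely security relevance.  Added example;
heuristics are ours, not Apple's or Chronic Dev's; samples are constructed."""
import re
from typing import List, Optional, Tuple

EXC_RE = re.compile(r"^Exception Type:\s+(\S+)", re.M)
ADDR_RE = re.compile(r"^Exception Subtype:.*? at (0x[0-9a-fA-F]+)", re.M)

def repeating_bytes(addr: int) -> bool:
    """True for 0x41414141-style addresses: a pointer made of one repeated
    byte usually came straight from input data, not from a stale object."""
    if not 0xFFFF < addr < 1 << 64:
        return False
    return len(set(addr.to_bytes(8, "big").lstrip(b"\0"))) == 1

def triage(report: str) -> Tuple[int, str]:
    """Return (score, reason): 0 = noise, 3 = an analyst should read it first."""
    exc = EXC_RE.search(report)
    exc_type = exc.group(1) if exc else "UNKNOWN"
    m = ADDR_RE.search(report)
    addr: Optional[int] = int(m.group(1), 16) if m else None
    if exc_type == "EXC_CRASH":  # abort()/assertion failure, not corruption
        return 0, "deliberate abort"
    if exc_type != "EXC_BAD_ACCESS":
        return 1, "uncommon exception type " + exc_type
    if addr is None:
        return 2, "bad access with no fault address: inspect manually"
    if addr < 0x4000:  # the zero page is never mapped, so this is a NULL deref
        return 1, "near-NULL dereference: almost always an unchecked NULL"
    if repeating_bytes(addr):
        return 3, "fault address looks like input data: controlled pointer?"
    return 2, "wild access at non-NULL address: possible use-after-free"

def rank(reports: List[str]) -> List[Tuple[int, str]]:
    """Highest score first, so the dangerous reports surface from a large pile."""
    return sorted((triage(r) for r in reports), key=lambda t: -t[0])

# Constructed sample reports (not real device output); real ones are far longer.
NULL_DEREF = """Exception Type:  EXC_BAD_ACCESS (SIGSEGV)
Exception Subtype: KERN_INVALID_ADDRESS at 0x0000000000000018
"""
CONTROLLED = """Exception Type:  EXC_BAD_ACCESS (SIGSEGV)
Exception Subtype: KERN_INVALID_ADDRESS at 0x0000000041414141
"""
ABORT = """Exception Type:  EXC_CRASH (SIGABRT)
"""
if __name__ == "__main__":
    for score, reason in rank([NULL_DEREF, ABORT, CONTROLLED]):
        print(score, reason)
```

The same ranking is what lets a vendor decide which of millions of reports to fix first; the thresholds are deliberately simple and should be tuned against real reports.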

Malware protection

Carl Leonard, senior research manager at Websense Security Labs, says that the popularity of CDevreporter shows that Apple is not just fighting hackers, but its customers as well.

The Library of Congress has ruled that jailbreaking Apple's iPhones is not illegal in the US

"Users are consciously trying to help the Chronic Dev team, so they clearly want jailbroken phones. They want the additional applications, customisations and features that Apple doesn't want them to have, and which would otherwise not be available to them."

He says that Apple tries to prevent jailbreaking for security reasons - once a phone has been jailbroken users could unwittingly install malware that might not get past Apple's approval process.

Mr Hill rejects this argument: "I am trying to make sure that my phone is safe and your phone is safe. Apple cares about money, not your safety."

Apple said it had no comment to make on these claims at this time.

Legal breaks

It is certainly true that Apple has sometimes been slow to fix genuine security flaws in its software in the past, and on occasions hackers have stepped in to write and distribute fixes to protect users of jailbroken phones.

"Sometimes there is a security benefit to jailbreaking, so you can be protected against some vulnerabilities," Mr Leonard concedes. "But people shouldn't just think jailbreaking is cool. It can be used for good and bad."

Jailbreaking phones is legal in the United States, thanks to a ruling in July 2010 by the Library of Congress - an agency that carries out legal research for the US government.

It said it was permissible to circumvent access controls to a copyrighted operating system so long as the aim was to install "lawfully obtained" software.

It is also "apparently not illegal" to jailbreak devices in the UK, although it does invalidate product warranties, according to Simon Halberstam, technology law expert and partner at Kingsley Napley.

But in the future it is possible that criminals will expand on Mr Hill's idea by creating a program that hijacks the crash reports that Microsoft's Windows operating system generates.

If successful they could attempt to use this information to infect computers with viruses and other malicious software. "It would probably not be a significant task to create something like this for Windows," Mr Leonard says.

As yet the Chronic Dev team has not announced that it has found any bugs that it can exploit, but a member of the team called pod2g claims to have found a way to create an untethered jailbreak anyway.

Even if Apple fixes the bug that makes this jailbreak possible, Mr Hill is confident that the hackers will find more ways.

"There's nothing Apple can do that would make jailbreaking impossible," he says.

"Apple will always add new features to its phones, and there will always be bugs in its software. It's just a matter of finding the right ones."